Can You Spot the Red Flags of Medical Identity Theft? FTC Rule Enforcement Now Begins November 1, 2009
The Red Flags Rule, designed to prevent and detect identity theft, takes effect August 1. Health care providers should carefully review the Ruleâ€™s definitions, because you may be surprised at how many health professionals are considered â€œcreditorsâ€ who must develop Identity Theft Prevention Programs. The Red Flags Rule, 16 CFR Â§ 681, applies to â€œfinancial institutionsâ€ and â€œcreditors.â€ However, if your patients are not paying for services at the time that they are received, then you may be considered a creditor. A common example of this is a facility that provides services, submits patientsâ€™ insurance claims, and then bills the individual patients for charges not covered by insurance. In this case, the facility is acting as a creditor for purposes of the Red Flags Rule. Long-term care facilities also are considered creditors if they use deferred payment or billing systems.
Health care professionals who are creditors must implement written Identity Theft Prevention Programs to prevent identity theft and to detect it if itâ€™s occurring in the context of medical identity theft. Your written program may include processes such as verifying your patientsâ€™ identities, asking for photo identification each time your patients receive services, and other steps designed to reduce the incidence of medical identity theft. For most health-care professionals, the written program will be a relatively simple document that sets forth how your organization will detect and respond to any â€œred flagsâ€ that arise in the course of your business.
You can learn more about how these requirements may affect your business by reading the FTCâ€™s publication, The â€œRed Flagsâ€ Rule: What Health Care Providers Need to Know About Complying with New Requirements for Fighting Identity Theft.
What should you do if youâ€™re subject to the new rule and havenâ€™t done anything to prepare? A good place to start is The FTC’s How-To Guide for Business, which includes a guided process for developing your Identity Theft Prevention Program. Youâ€™ll also find a detailed FAQ section to help you get quickly up to speed and stay in compliance with these new requirements.